An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at the cost of a potential performance penalty. Please refer to the References section for further information about this issue and the performance impact.

This update provides mitigations for the x86-64 architecture.

Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)
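
An added illustration, not part of the advisory and not the code shipped in these packages: the kind of bounds-checked read that CVE-2017-5753 concerns, next to a hardened form using branchless index masking, the approach taken by the upstream Linux kernel's `array_index_nospec()` helper. The table, function names and sample values are constructed for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed sample table standing in for privileged data. */
static const uint8_t table[8] = {10, 11, 12, 13, 14, 15, 16, 17};

/*
 * All-ones when index < size, zero otherwise, computed without a branch,
 * so the result does not depend on branch prediction.
 * Assumes size <= LONG_MAX and an arithmetic right shift of negative
 * values (true for GCC and Clang on x86-64). The kernel additionally
 * hides the index from the optimizer; that step is omitted here.
 */
static size_t index_mask_nospec(size_t index, size_t size)
{
    return (size_t)(~(long)(index | (size - 1 - index))
                    >> (sizeof(long) * CHAR_BIT - 1));
}

/* Unhardened pattern: the load may execute speculatively with an
 * out-of-range index before the bounds check has resolved. */
int read_checked(size_t index, uint8_t *out)
{
    if (index >= sizeof(table))
        return -1;
    *out = table[index];
    return 0;
}

/* Hardened form: the architectural result is unchanged, but on a
 * mispredicted branch the masked index is forced to 0, inside the table. */
int read_checked_nospec(size_t index, uint8_t *out)
{
    if (index >= sizeof(table))
        return -1;
    index &= index_mask_nospec(index, sizeof(table));
    *out = table[index];
    return 0;
}

int main(void)
{
    uint8_t v = 0;
    /* In-range read succeeds; out-of-range read is rejected. */
    return (read_checked_nospec(3, &v) == 0 && v == 13 &&
            read_checked_nospec(8, &v) == -1) ? 0 : 1;
}
```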

Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)

Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)